<!doctype html>


<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>TrustedResourceUrl (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>

  <script type="text/javascript" src="//www.google.com/jsapi"></script>
  <script type="text/javascript">
     google.load("visualization", "1", {packages:["orgchart"]});
     var _loadingVisualizations = true;
  </script>

  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>





<div class="colmask rightmenu">
<div class="colleft">
    <div class="col1">
      <!-- Column 1 start -->

<div id="title">
        <span class="fn">html.TrustedResourceUrl</span>
        <span>Extends</span>
        <span class="fn-name">
          
        </span>
</div>

<div class="g-section g-tpl-75-25">
  <div class="g-unit g-first" id="description">
    A URL which is under application control and from which script, CSS, and
other resources that represent executable code, can be fetched.

Given that the URL can only be constructed from strings under application
control and is used to load resources, bugs resulting in a malformed URL
should not have a security impact and are likely to be easily detectable
during testing. Given the wide number of non-RFC compliant URLs in use,
stricter validation could prevent some applications from being able to use
this type.

Instances of this type must be created via the factory method,
(<code> goog.html.TrustedResourceUrl.fromConstant</code>), and not by invoking its
constructor. The constructor intentionally takes no parameters and the type
is immutable; hence only a default instance corresponding to the empty
string can be obtained via constructor invocation.


  </div>


        <div class="g-unit" id="useful-links">
          <div class="title">Useful links</div>
          <ol>
            <li><a href="goog.html.TrustedResourceUrl#fromConstant">Also See:</a></li>
            <li><a href="local_closure_goog_html_trustedresourceurl.js.source.html"><span class='source-code-link'>Source Code</span></a></li>
            <li><a href="http://code.google.com/p/closure-library/source/browse/local/closure/goog/html/trustedresourceurl.js">Git</a></li>
          </ol>
        </div>
</div>






<h2 class="g-first">Inheritance</h2>
<div class='gviz-org-chart-container goog-inline-block'>
<table class='gviz-org-chart' style='display:none'>
  <tr><td>goog.html.TrustedResourceUrl</td><td></td></tr>
</table>
</div>
<div class='gviz-org-chart-container goog-inline-block'>
<table class='gviz-org-chart' style='display:none'>
</table>
</div>




  <h2>Constructor</h2>
      <div class="fn-constructor">
    goog.html.TrustedResourceUrl(<span></span>)
  </div>



<h2>Instance Methods</h2>


  <div class="legend">
        <span class="key publickey"></span><span>Public</span>
        <span class="key protectedkey"></span><span>Protected</span>
        <span class="key privatekey"></span><span>Private</span>
  </div>







<div>
       <div class="desc">
         Defined in
         <span class="fn-name">
            <a href="class_goog_html_TrustedResourceUrl.html">
              goog.html.TrustedResourceUrl
            </a>
         </span>
       </div>






<div class="section">
  <table class="horiz-rule">


     <tr class="even entry public">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.prototype.getDirection"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryName">getDirection<span class="args">()</span>
        </span>
      </div>


     <div class="entryOverview">
       Returns this URLs directionality, which is always <code> LTR</code>.

     </div>

   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line120">code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry public">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.prototype.getTypedStringValue"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryName">getTypedStringValue<span class="args">()</span>
        </span>
      </div>


     <div class="entryOverview">
       Returns this TrustedResourceUrl's value as a string.

IMPORTANT: In code where it is security relevant that an object's type is
indeed <code> TrustedResourceUrl</code>, use
<code> goog.html.TrustedResourceUrl.unwrap</code> instead of this method. If in
doubt, assume that it's security relevant. In particular, note that
goog.html functions which return a goog.html type do not guarantee that
the returned instance is of the right type. For example:

<pre class="lang-js prettyprint">
var fakeSafeHtml = new String('fake');
fakeSafeHtml.__proto__ = goog.html.SafeHtml.prototype;
var newSafeHtml = goog.html.SafeHtml.from(fakeSafeHtml);
// newSafeHtml is just an alias for fakeSafeHtml, it's passed through by
// goog.html.SafeHtml.from() as fakeSafeHtml instanceof goog.html.SafeHtml.
</pre>
     </div>

   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line103">code &raquo;</a>
  </td>
     </tr>


     <tr class="even entry public">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.prototype.toString"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryName">toString<span class="args">()</span>
        </span>
      </div>


     <div class="entryOverview">
       Returns a debug string-representation of this value.

To obtain the actual string value wrapped in a TrustedResourceUrl, use
<code> goog.html.TrustedResourceUrl.unwrap</code>.


     </div>

   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line135">code &raquo;</a>
  </td>
     </tr>


  </table>
</div>
</div>




<h2>Instance Properties</h2>







<div>
       <div class="desc">
         Defined in
         <span class="fn-name">
            <a href="class_goog_html_TrustedResourceUrl.html">
              goog.html.TrustedResourceUrl
            </a>
         </span>
       </div>






<div class="section">
  <table class="horiz-rule">


     <tr class="even entry private">
       <td class="access"></td>





  <a name="goog.html.TrustedResourceUrl.prototype.TRUSTED_RESOURCE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_"></a>

  <td>


     <div class="arg">
        <img align="left" src="static/images/blank.gif">

        <span class="entryName">TRUSTED_RESOURCE_URL_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_</span>
        : 
     </div>


     <div class="entryOverview">
       A type marker used to implement additional run-time type checking.

     </div>

  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line70">Code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry public">
       <td class="access"></td>





  <a name="goog.html.TrustedResourceUrl.prototype.implementsGoogI18nBidiDirectionalString"></a>

  <td>


     <div class="arg">
        <img align="left" src="static/images/blank.gif">

        <span class="entryName">implementsGoogI18nBidiDirectionalString</span>
        : 
     </div>


     <div class="entryOverview">
       <span class='nodesc'>No description.</span>
     </div>

  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line112">Code &raquo;</a>
  </td>
     </tr>


     <tr class="even entry public">
       <td class="access"></td>





  <a name="goog.html.TrustedResourceUrl.prototype.implementsGoogStringTypedString"></a>

  <td>


     <div class="arg">
        <img align="left" src="static/images/blank.gif">

        <span class="entryName">implementsGoogStringTypedString</span>
        : 
     </div>


     <div class="entryOverview">
       <span class='nodesc'>No description.</span>
     </div>

  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line79">Code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry private">
       <td class="access"></td>





  <a name="goog.html.TrustedResourceUrl.prototype.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_"></a>

  <td>


     <div class="arg">
        <img align="left" src="static/images/blank.gif">

        <span class="entryName">privateDoNotAccessOrElseTrustedResourceUrlWrappedValue_</span>
        : 
     </div>


     <div class="entryOverview">
       The contained value of this TrustedResourceUrl.  The field has a purposely
ugly name to make (non-compiled) code that attempts to directly access this
field stand out.

     </div>

  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line62">Code &raquo;</a>
  </td>
     </tr>


  </table>
</div>
</div>




<h2>Static Methods</h2>






<div class="section">
  <table class="horiz-rule">


     <tr class="even entry private">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.html.TrustedResourceUrl.</span><span class="entryName">createTrustedResourceUrlSecurityPrivateDoNotAccessOrElse_<span class="args">(<span class="arg">url</span>)</span>
        </span>
        &#8658; <span>!</span><span class="type"><a href="class_goog_html_TrustedResourceUrl.html">goog.html.TrustedResourceUrl</a></span>
      </div>


     <div class="entryOverview">
       Utility method to create TrustedResourceUrl instances.

This function is considered "package private", i.e. calls (using "suppress
visibility") from other files within this package are considered acceptable.
DO NOT call this function from outside the goog.html package; use appropriate
wrappers instead.


     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">url</span>
        : <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>
        <div class="entryOverview">The string to initialize the TrustedResourceUrl object
    with.</div>
     </td>
   </tr>
  </table>
      </div>
   
      <div class="detailsSection">
        <b>Returns:</b>&nbsp;<span>!</span><span class="type"><a href="class_goog_html_TrustedResourceUrl.html">goog.html.TrustedResourceUrl</a></span>&nbsp;
            The initialized TrustedResourceUrl
    object.
      </div>
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line223">code &raquo;</a>
  </td>
     </tr>


     <tr class="odd entry public">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.fromConstant"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.html.TrustedResourceUrl.</span><span class="entryName">fromConstant<span class="args">(<span class="arg">url</span>)</span>
        </span>
        &#8658; <span>!</span><span class="type"><a href="class_goog_html_TrustedResourceUrl.html">goog.html.TrustedResourceUrl</a></span>
      </div>


     <div class="entryOverview">
       Creates a TrustedResourceUrl object from a compile-time constant string.

Compile-time constant strings are inherently program-controlled and hence
trusted.


     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">url</span>
        : <span>!</span><span class="type"><a href="class_goog_string_Const.html">goog.string.Const</a></span>
        <div class="entryOverview">A compile-time-constant string from which to
    create a TrustedResourceUrl.</div>
     </td>
   </tr>
  </table>
      </div>
   
      <div class="detailsSection">
        <b>Returns:</b>&nbsp;<span>!</span><span class="type"><a href="class_goog_html_TrustedResourceUrl.html">goog.html.TrustedResourceUrl</a></span>&nbsp;
            A TrustedResourceUrl object
    initialized to <code> url</code>.
      </div>
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line192">code &raquo;</a>
  </td>
     </tr>


     <tr class="even entry public">
       <td class="access"></td>






  <td>
    <a name="goog.html.TrustedResourceUrl.unwrap"></a>


     <div class="arg">
       <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.html.TrustedResourceUrl.</span><span class="entryName">unwrap<span class="args">(<span class="arg">trustedResourceUrl</span>)</span>
        </span>
        &#8658; <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>
      </div>


     <div class="entryOverview">
       Performs a runtime check that the provided object is indeed a
TrustedResourceUrl object, and returns its value.


     </div>


    <! -- Method details -->
    <div class="entryDetails">

      <div class="detailsSection">
        <b>Arguments: </b>






<table class="horiz-rule">
     
   <tr class="even">
     <td>
        <span class="entryName">trustedResourceUrl</span>
        : <span>!</span><span class="type"><a href="class_goog_html_TrustedResourceUrl.html">goog.html.TrustedResourceUrl</a></span>
        <div class="entryOverview">The object to
    extract from.</div>
     </td>
   </tr>
  </table>
      </div>
   
      <div class="detailsSection">
        <b>Returns:</b>&nbsp;<span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>&nbsp;
            The trustedResourceUrl object's contained string, unless
    the run-time type check fails. In that case, <code> unwrap</code> returns an
    innocuous string, or, if assertions are enabled, throws
    <code> goog.asserts.AssertionError</code>.
      </div>
  
    </div>
   
  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line153">code &raquo;</a>
  </td>
     </tr>


  </table>
</div>



<h2>Static Properties</h2>






<div class="section">
  <table class="horiz-rule">


     <tr class="even entry private">
       <td class="access"></td>





  <a name="goog.html.TrustedResourceUrl.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_"></a>

  <td>


     <div class="arg">
        <img align="left" src="static/images/blank.gif">

        <span class="entryNamespace">goog.html.TrustedResourceUrl.</span><span class="entryName">TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_</span>
        : 
     </div>


     <div class="entryOverview">
       Type marker for the TrustedResourceUrl type, used to implement additional
run-time type checking.

     </div>

  </td>


  <td class="view-code">
     <a href="local_closure_goog_html_trustedresourceurl.js.source.html#line205">Code &raquo;</a>
  </td>
     </tr>


  </table>
</div>









<div class="section">
  <table class="horiz-rule">


  </table>
</div>
      <!-- Column 1 end -->
    </div>

        <div class="col2">
          <!-- Column 2 start -->
          <div class="col2-c">
            <h2 id="ref-head">Package html</h2>
            <div id="localView"></div>
          </div>

          <div class="col2-c">
            <h2 id="ref-head">Package Reference</h2>
            <div id="sideTypeIndex" rootPath="" current="html.TrustedResourceUrl"></div>
          </div>
          <!-- Column 2 end -->
        </div>
</div>
</div>

</body>
</html>
